cbcvebase.
CVE-2019-11500
published 2019-08-29

Priority: P271 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: Exploited in the wild
EPSS: 62.32% (99.1th percentile)

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
debian | debian_linux | |
debian | dovecot | < dovecot 1:2.3.7.2-1 (bookworm) | dovecot 1:2.3.7.2-1 (bookworm)
dovecot | dovecot | < 2.2.36.4 | 2.2.36.4
dovecot | dovecot | >= 0 < 1:2.3.7.2-1 | 1:2.3.7.2-1
dovecot | dovecot | >= 0 < 1:2.3.7.2-1 | 1:2.3.7.2-1
dovecot | dovecot | >= 0 < 1:2.3.7.2-1 | 1:2.3.7.2-1
dovecot | dovecot | >= 0 < 1:2.3.7.2-1 | 1:2.3.7.2-1
dovecot | dovecot | >= 2.3.0 < 2.3.7.2 | 2.3.7.2
dovecot | pigeonhole | < 0.5.7.2 | 0.5.7.2
fedoraproject | fedora | |

Detection & IOCs (extracted from sources)

  • Vulnerability exists in IMAP and ManageSieve protocol parsers — monitor for malformed quoted strings containing NULL bytes ('\0' characters) sent to Dovecot IMAP or ManageSieve ports
  • Trigger condition is a specially crafted quoted string with embedded '\0' characters in IMAP or ManageSieve protocol traffic — inspect protocol-level data for NULL bytes inside quoted string literals
  • Affected components: Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2, and Pigeonhole before 0.5.7.2 — use version detection to identify unpatched instances
  • The vulnerability is exploitable remotely via the IMAP and ManageSieve protocol parsers; both services should be considered attack surfaces and monitored independently
  • Dovecot on Red Hat Enterprise Linux 5 is out of support scope and will not receive a patch — deployments on this platform remain permanently vulnerable

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | | 9.8 | CRITICAL |
vendor_debian | | 9.8 | CRITICAL |
vendor_redhat | | 9.8 | CRITICAL |